Hosting Provided By

Re: [Clamav-users] RFC: Recognize mbox format

From: jef moskot <jef(at)math.miami.edu>
Date: Fri Oct 12 2007 - 12:33:28 EDT

On Mon, 8 Oct 2007, Joao S Veiga wrote:
> To me, is more logical/easier/less annoying to explode the mboxes ONLY if
> something is found in them instead of exploding all the mboxes to scan them (in
> 99.842% of the cases, they will be clean anyway).

If you use the SaneSecurity signatures, it is actually extremely likely that you will find "infected" files in existing mailboxes. The signatures are terrific, but there is an unavoidable lag between the newest phishes and the updated sigs, moreso than in the standard anti-virus sigs.

This is the case in my environment, anyway.

Jeffrey Moskot
System Administrator
jef@math.miami.edu

Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html Received on Fri Oct 12 12:47:42 2007

This message: [ Message body ]
Next message: Aniruddha: "Re: [Clamav-users] Does clamav protect against rootkits?"
Previous message: Dennis Peterson: "Re: [Clamav-users] Some question on freshclam"
In reply to: Joao S Veiga: "Re: [Clamav-users] RFC: Recognize mbox format"
Next in thread: John W. Baxter: "Re: [Clamav-users] Getting line numbers"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Jul 16 2008 - 14:46:08 EDT